
[K12OSN] Re: K12OSN digest, Vol 1 #197 - 3 msgs



> Subject: [K12OSN] conversion from ipchains to iptables
> Date: Mon, 03 Jun 2002 07:21:19 -0500
> From: Andy Hall <andy well-nap k12 mo us>
> Reply-To: k12osn redhat com
> To: k12osn redhat com
> 
> Good morning!
> 
> I've updated our firewall to RH 7.2 and now I want to convert from ipchains
> to iptables so some users can use FTP in some applications - won't work in
> ipchains because of NAT.  I'm having trouble getting our transparent
> redirect to work correctly and thought someone might be able to help?
> 
> Here's what I have for basic rules I'm working with right now:
> 
> ############################
> #eth0 == private side (10.x.x.x)
> #eth1 == public side (204.x.x.x)
> 
> iptables -P INPUT DROP
> iptables -A INPUT -s 10.x.x.0/24 -j ACCEPT
> iptables -A INPUT -s 204.x.x.0/24 -j ACCEPT
> iptables -A OUTPUT -d 10.x.x.0/24 -j ACCEPT
> iptables -A OUTPUT -d 204.x.x.0/24 -j ACCEPT
> iptables -t nat -A POSTROUTING -o eth1 -d ! 10.x.x.0/24 -j MASQUERADE

I hate to point out the obvious - but shouldn't the REDIRECT apply to
the private side incoming eth if (i.e. eth0)?

> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 REDIRECT --to-port 3218

Also, if you firewall eth0, you will need an INPUT chain rule to allow
the modified packets through.

--Yan

-- 
Why "Yankee Doodle" should be the national anthem:
"....
"Whose broad stripes and bright stars, and dollar's delight,
"..."
Akari, age 4, singing the Star Spangled Banner

spam killer code kpwq1jkcsEzdx39gnkVvgycd15ayqq
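
Added example, not part of the original messages: a small check for the two points raised in the reply above, namely that the REDIRECT rule should match on the private-side interface and that a DROP-policy INPUT chain must accept the redirected port. The rule lists and addresses are constructed sample data, and check_redirect() and parse() are hypothetical helper names.

```python
import shlex

def parse(rule):
    """Map each option of one iptables command to the value(s) that follow it."""
    tok = shlex.split(rule)[1:]              # drop the leading "iptables"
    opts, i = {}, 0
    while i < len(tok):
        j = i + 1
        while j < len(tok) and not tok[j].startswith("-"):
            j += 1
        opts[tok[i]] = " ".join(tok[i + 1:j])
        i = j
    return opts

def check_redirect(rules, lan_if):
    """Return findings for nat PREROUTING REDIRECT rules in a rule list."""
    parsed = [parse(r) for r in rules]
    input_drop = any(p.get("-P") == "INPUT DROP" for p in parsed)
    findings = []
    for p in parsed:
        if (p.get("-t"), p.get("-A"), p.get("-j")) != ("nat", "PREROUTING", "REDIRECT"):
            continue
        # After REDIRECT the packet reaches INPUT with the rewritten port.
        port = p.get("--to-port") or p.get("--to-ports") or p.get("--dport")
        if p.get("-i") != lan_if:
            findings.append(f"REDIRECT matches on {p.get('-i')}, not LAN interface {lan_if}")
        # Simplification: source/destination addresses are not evaluated.
        allowed = any(q.get("-t") in (None, "filter") and q.get("-A") == "INPUT"
                      and q.get("-j") == "ACCEPT"
                      and q.get("-i") in (None, lan_if)
                      and q.get("--dport") in (None, port)
                      for q in parsed)
        if input_drop and not allowed:
            findings.append(f"INPUT policy is DROP and nothing accepts tcp/{port} on {lan_if}")
    return findings

# Constructed rule sets: eth0 is the private side, eth1 the public side.
BROKEN = [
    "iptables -P INPUT DROP",
    "iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT",
    "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3218",
]
FIXED = BROKEN[:2] + [
    "iptables -A INPUT -i eth0 -p tcp --dport 3218 -j ACCEPT",
    "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3218",
]

if __name__ == "__main__":
    for name, rules in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_redirect(rules, "eth0"))
```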




